[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: source limit
that should according to how to code it.
if( flowlimit_enable ) flowlimit_check( m, ....);
i implemented in freebsd not in openbsd. :)
btw, it do check only when session is creating & destorying.
one more advantage is that the new TCP connection which exceed the
limitatation will not be reset but packet was dropped.
In this way, the TCP connection can connect to server as soon as one of the
same source IP state was deleted.
----- Original Message -----
From: "Jedi/Sector One" <email@example.com>
To: "NortonNg" <firstname.lastname@example.org>
Cc: "Can Erkin Acar" <email@example.com>; <firstname.lastname@example.org>
Sent: Monday, March 17, 2003 9:51 PM
Subject: Re: source limit
> On Mon, Mar 17, 2003 at 09:36:22PM +0800, NortonNg wrote:
> > make a flowlimit_check hook before 'create states code' in
> > don't create any states in pf_test_tcp() if the limitation of the source
> > reach the maximum value.
> Would it have an impact on PF's performance when that feature would be
> __ /*- Frank DENIS (Jedi/Sector One) <j@42-Networks.Com> -*\
> \ '/ <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a> \'
> \/ <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a> \/